“We need to pay attention to people who may not have a cybersecurity or information security background,” she said. “We as leaders need to identify other talents and/or experience and soft skills they possess and recognize how that could be of value for our programs or roles we’re looking to fill.”
Coming up from help desks, the ground floor in IT, gave Elizabeth Ogunti, the CISO at JBT Technologies, a greater understanding for what the IT team as a whole experiences. It’s also made her ardently determined to bridge the communication gap between IT and the rest of her company’s business.
“My biggest challenge is making sure that leadership understands the value of the IT environment, including what it takes to secure it,” said Ogunti, whose company provides technology solutions to the food processing and air transportation industries.
“Data security comes with the territory. But one of my missions is to help the organization as a whole gain a security mindset. Realizing that each team member plays an important role in maintaining a secure JBT environment and providing education about the importance of practicing safe data handling.”
In her current role, Ogunti is trying to introduce several innovations, including network segmentation and a new approach to passwords, possibly through password managers or a passwordless environment altogether. She’s also weighing increased usage of Microsoft tools.
In an age of budget constraints, Ogunti said she tries to be thoughtful in her request for tools.
“When I first arrived at JBT nearly seven years ago, I did mapping exercises for controls and the policies and tools we had in place. And then I documented the deficiencies and made a roadmap to mitigate risk,” she said.
“I review the roadmap annually to determine what’s next. I don’t ask for a bunch of stuff every year. I tell my team to talk to vendors to see if we are using tools to maximum benefit. And I work with our managed service providers to get the most out of our contract. And then I take a look to see what’s next. I think by doing that it puts you in a better place toward understanding your network, environment, and risk mitigation so when those constraints come, you can be in a good place.”
Ogunti is a big advocate of hiring from within. Her current team started out as a person of one. Over time, she’s brought on three more people with varying backgrounds – for types of jobs they didn’t perform before.
“We need to pay attention to people who may not have a cybersecurity or information security background,” she said. “We as leaders need to identify other talents and/or experience and soft skills they possess and recognize how that could be of value for our programs or roles we’re looking to fill.”
She urges cyber professionals not to feel pigeonholed into any single area.
“Cybersecurity is a broad field,” she said “There are so many areas that folks can get into that require a varied skill set.”
Ogunti, a 10-year veteran of the Army military police, went to school for programming. She intended to be a C++ programmer, but when she was job-hunting, an opportunity to join EDS and work in a Windows environment opened. It’s something she didn’t have experience with at the time, but mentors, she said, “helped me get up to speed.”
She did network administration there and at FMC Technologies – a founding company of JBT – where she later become an auditor for Sarbanes-Oxley compliance. She was a special projects IT auditor at PWC, an information security program analyst at BMO Harris Bank, and at JBT, she started out as a contract IT SOX auditor before working her way up to CISO in November 2020.
Ogunti expects the CISO role to expand exponentially over the next couple of years, with more involvement in the boardroom.
“Cybersecurity is now the main focus for everyone,” she said. “As more organizations’ leadership realize this, they’re going to want to have someone on their team who understands security and how the organization is performing and mitigating risk.
“You also have regulatory changes that are taking place,” she added. “The Department of Defense has a whole certification process for businesses that want to do contractual work with them. And the Security and Exchange Commission is going to put more responsibility on board members to understand cybersecurity in their organizations. Our role is going to increase and take on more value.”
A successful CISO, Ogunti said, needs to be an effective communicator with both the IT sector and on the business side, in order to convey risk and security issues to business professionals who don’t understand IT lingo.
“I also think CISOs need to be open and relatable. Because security affects everyone, not only in the office, but at home. So if you want cooperation, you need to be approachable,” she said.
The CISO title, she said, “doesn’t put me on any different level in my mind.”
“To me, I’m still part of the help desk. I’m still a part of the IT people,” Ogunti said. “I think that lends to my credibility as a CISO, because I understand IT.“
Outside the office, Ogunti serves on the board of the Unity Parenting and Counseling, an organization that helps at-risk youth, as well as foster and homeless families. She is an Associate Board member of the Union League Boys and Girls Club as well.
To unwind, she crochets – something she picked back up during the Covid-19 pandemic. She likes to binge-watch TV shows like Ozark, reads spy novels and history books, trains her Cane Corso, and hangs out with family.
She also does a lot of dancing, of all different types. “Dancing is something I really enjoy,” she said.